Open abhinav1592 opened 4 years ago
This change-set fixes the problem:
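```python
anon = None
if "password" in options:
    # data is bytes; decode so the str password can be replaced
    data = data.decode()
    anon = data.replace(options["password"], "XXX")
    # re-encode so the command is still bytes afterwards
    data = data.encode()
else:
    anon = data
```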
Overview Description:
When we try to create a volume, or create a consistency group and take a snapshot of it, and debug logs are enabled, the password for XIV storage is exposed in the logs.
Environment:
```
[root@jupiter-vm1595 ~]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.2 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.2"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.2 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8.2:GA"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.2"
```
PyXCLI version
```
[root@jupiter-vm1595 ~]# rpm -qa | grep pyxcli
python3-pyxcli-1.2.1-5.ibm.el8.noarch
```
Steps to Reproduce:
OR
Log files stack-trace:
```
2020-10-12 06:27:38.830 1872530 INFO cinder.volume.drivers.ibm.ibm_storage.xiv_proxy [req-576185ae-1904-43c5-a78e-eaa55292bdd6 0688b01e6439ca32d698d20789d52169126fb41fb1a4ddafcebb97d854e836c9 d3b0cf23e0f14c13af9a14ab16b09fd8 - default default] _call_xiv_xcli #1: cg_snapshots_create
2020-10-12 06:27:38.831 1872530 DEBUG xcli [req-576185ae-1904-43c5-a78e-eaa55292bdd6 0688b01e4439ca32d698d20789d52169126fb41fb1a4ddafcebb97d854e836c9 d3b0cf23e0f14c12af9a14ab16b09fd8 - default default] `SEND ` _build_command /usr/lib/python3.6/site-packages/pyxcli/client.py:289
```
Expected Results: Username and Password should not be exposed in log files. Password should have been 'XXX'
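The masking described in this report, as an added example that is not part of the original issue and is not PyXCLI's code: it redacts a copy of the serialized command for the debug log while leaving the bytes that are sent untouched, and also covers a password containing XML-special characters and an empty password. The XML shape, the logger name and the functions `build_command`, `redact` and `send` are assumptions made for illustration.

```python
import logging
import xml.etree.ElementTree as etree
from xml.sax.saxutils import escape

log = logging.getLogger("xcli_example")  # hypothetical logger name
MASK = "XXX"


def build_command(cmd, options):
    """Constructed stand-in for a command serializer; returns XML bytes."""
    root = etree.Element("command", type=cmd)
    for name, value in options.items():
        root.append(etree.Element("argument", name=name, value=value))
    return etree.tostring(root)


def redact(data, secret):
    """Return a loggable str copy of `data` with `secret` masked.

    `data` itself is never modified, so the caller still sends bytes.
    """
    text = data.decode("utf-8", errors="replace")
    if not secret:
        # str.replace("", MASK) would insert MASK between every character.
        return text
    # The serializer escapes &, <, > and double quotes inside attribute
    # values, so the password may not appear in its raw spelling at all.
    forms = {secret, escape(secret, {'"': "&quot;"})}
    for form in sorted(forms, key=len, reverse=True):
        text = text.replace(form, MASK)
    return text


def send(cmd, options):
    """Serialize, log a redacted copy at DEBUG, return the original bytes."""
    data = build_command(cmd, options)
    log.debug("SEND %s", redact(data, options.get("password")))
    return data
```

A plain `replace` of the raw password leaves the escaped form in the log when the password contains `&`, `<`, `>` or `"`, which is why both spellings are masked here.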